1pam_auth(8)                 System Manager's Manual                pam_auth(8)
2
3
4

NAME

6       pam_auth - Squid PAM authentication helper
7

SYNOPSIS

9       squid_pam_auth [-n "service name"] [-t TTL] [-o] [-1]
10

DESCRIPTION

12       This helper allows Squid to connect to a mostly any available PAM data‐
13       base to validate the user name and password of Basic  HTTP  authentica‐
14       tion.
15
16       -s service-name
17              Specifies the PAM service name Squid uses, defaults to "squid"
18
19       -t TTL Enables  persistent  PAM connections where the connection to the
20              PAM database is kept open and reused for  new  logins.  The  TTL
21              specifies  how  long  the  connection will be kept open (in sec‐
22              onds).  Default is to not keep PAM connections open. Please note
23              that  the  use of persistent PAM connections is slightly outside
24              the PAM specification and may not work with all  PAM  configura‐
25              tions.
26
27       -o     Do not perform the PAM account management group (account expira‐
28              tion etc)
29
30

CONFIGURATION

32       The program needs a PAM service to be configured  in  /etc/pam.conf  or
33       /etc/pam.d/<servicename>
34
35       The  default  service name is "squid", and the program makes use of the
36       'auth' and 'account' management groups to verify the password  and  the
37       accounts validity.
38
39       For details on how to configure PAM services, see the PAM documentation
40       for your system. This manual does not cover PAM configuration details.
41

NOTES

43       When used for authenticating to local UNIX  shadow  password  databases
44       the  program  must  be running as root or else it won't have sufficient
45       permissions to access the user password database. Such use of this pro‐
46       gram  is  not  recommended, but if you absolutely need to then make the
47       program setuid root
48
49              chown root pam_auth
50              chmod u+s pam_auth
51
52       Please note that in such configurations it is also strongly recommended
53       that  the  program  is moved into a directory where normal users cannot
54       access it, as this mode of operation  will  allow  any  local  user  to
55       brute-force  other  users passwords. Also note the program has not been
56       fully audited and the author cannot be held responsible for  any  secu‐
57       rity issues due to such installations.
58

AUTHOR

60       Squid   pam_auth  and  this  manual  is  written  by  Henrik  Nordstrom
61       <hno@squid-cache.org>
62

COPYRIGHT

64       Squid pam_auth and this manual is Copyright 1999,2002,2003 Henrik Nord‐
65       strom <hno@squid-cache.org>
66

QUESTIONS

68       Questions  on  the usage of this program can be sent to the Squid Users
69       <squid-users@squid-cache.org> mailing list.
70

REPORTING BUGS

72       Report bugs or bug-fixes to Squid Bugs <squid-bugs@squid-cache.org>  or
73       ideas  for  new  improvements  to  Squid  Developers  <squid-dev@squid-
74       cache.org>
75

SEE ALSO

77       pam(8), PAM Systems Administrator Guide
78
79
80
81Squid PAM Auth                    5 Sep 2003                       pam_auth(8)